Optical networking systems that communicate information over optical fiber links are common place. An example of an optical transport system is an Active Ethernet (AE) network. An AE network can deliver voice, video, and data among multiple network nodes, often referred to as optical network terminals (ONTs), using a common optical fiber link. Each ONT terminates the optical fiber link for a residential or business subscriber, and is sometimes referred to as a subscriber premises node. Each ONT is connected to one or more client devices, which ultimately receive the voice, video, and data delivered via the optical network from a service provider network. Generally, an AE network includes an optical Ethernet switch, having multiple, independent optical network interface modules that serve multiple optical fiber links and that is located remotely from the ONT. An optical network interface module provides for transmission and reception of data packets over a particular optical fiber link that serves an ONT.
The AE network and the ONT operate based on IEEE 802.3 defined media access control (MAC) and physical layers. The utilization of standard Ethernet MAC and physical layers may enable the AE network to use off-the-shelf Ethernet devices. These Ethernet devices are loosely coupled, meaning that the ONT and the optical Ethernet switch may not generally require any knowledge about each other in order to transmit data between the two devices. As such, it may be possible to terminate the optical fiber link on a device different than the one provided by the provider network operator, which may permit undesirable devices to operate on the service provider network. The IEEE 802.1X authentication standard may be used to prevent unauthorized access. However, this standard generally requires establishing and maintaining an authentication server, such as a Remote Authentication Dial In User Service (RADIUS) database, that maintains credentials such as a username/password combination or digital certificate that is unique to each subscriber or device. Consequently, 802.1X authentication tends to be a solution that requires maintenance of additional infrastructure in a central office as well as administrative overhead to continually update and maintain the credentials stored on the authentication server.